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(54) IC CARD AND METHOD OF USING iC CARD 

(57) A private key write control unit (48) permits 
writing of a private key just once into a private key stor- 
age unit (36) after initialization. SImtlariy, a particular 
data write control unit (42) permits writing of particular 
data only once into a data storage unit (34) after initiali- 
zation Since a person other than the IC card manufac- 
turer can write in a private key or particular data after 
the fabrication stage of the IC card, flexibility in the 
application of IC cards can be ensured . Also, improper 



usage of a card can be prev^ted since the written data 
is inhibited of being rewritten The IC card manufacturer 
can initialize the data storage unit (34) and the private 
key storage unit (36) by a data initialization unit (44) and 
a private key initialization unit (46). Therefore, the cost 
of an IC card can be reduced by allowing reusage of IC 
cards. 
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Description 
Technical Field 

[O001] The present invention relates to an IC card and 
a method of using an IC card Particularly, the present 
invention relates to an IC card and an IC card usage 
method irrproved in securify 

Background Art 

[0002] A commurvcation system using a non-contact 
type IG card is errployed in the automatic exarrunation 
for lifts in skiing grourxis and railroads, automatic sort- 
ing of parcels, and the like. An example of a conven- 
tional rKsn-Gontad lype IC card is shown in Rg . 16. An 
IC card 2 shown in Fig 16 is a one-coil type IC card, 
including a coil 4 functioning as an antenna, capacitois 
CI and C2. and an IC chip 8 

[0003] Capacitors CI . C2 and IC chip 8 are mounted 
on a fQm-like synthetic res'n st^strate The substrate 
mounted vMth capacitors CI, C2 and IC ch^ 8 is 
referred to as a tab (tape automated bonding) 10. 
[0004] Rg. 1 7A ^ a sectional view of IC card 2 taken 
along SI -SI of Rg. 16 A core merrtoer 12 formed of 
synthetic resin is sandwiched by a pair of surface layer 
members 14 and 16l Tab 10 mounted with capacitors 
CI. C2 and iC chip 8 is fixed at surface layer member 14 
exposed within a cavity 1 8 provided in core member 12 
The junction portion of tab 10 and IC ch^ 8 is covered 
with an encapsulant 9 such as of epoxy resin 
[0005] Coil 4 is located between surface layer member 
14 and core mender 12. Coil 4 and tab 10 are con- 
nected by a wire 20_ 

[0006] Rg 17B shows a drcuit diagram of tC card 2 
IC card 2 receives an electromagnetic wave sent from a 
reader/writer (an interrogator not shown) by a resonant 
circuit 22 formed by coil 4 and capacitor CI as the 
power source. Capacitor C2 is the capacitor for smooth- 
ing power. 

[0007] The informafion sent in an overlapping manner 
with the electromagnetic wave is decoded by a control 
unit (not shown) pnovided in IC chip 8. wher^ the con- 
tents of a nonvolatile memory (not shown) provided in 
IC chip 8 is rewritten, and a response is sent back to the 
reader/writer. This response is effected by altering the 
impedance of resonant circidt 22. The reader/writer 
identifies the contents of the response i^y detecting 
change in impedance (impedance reflectance) of its 
own resonant circuit (not shown) corresponding to the 
impedance change of resonant circuit 22 of IC card 2. 
[0008] By using such an IC card 2. data can be trans- 
mitted/received wnthout requiring a power source in the 
card and in an non-contact manner. 
[0009] A communtoation system using the above- 
described oonvenfional IC card has prdblems set forth 
in the following. In a communication system using a 
conventional IC caid. security is sought by encrypting 



the communication data between the reader/writer and 
the IC card. However, the data can be decoded and 
rewritten if the encryption is decoded, it is therefore dif- 
ficult to ensure the security of the system by means of 

5 only the encr yptton. 

[0010] There is an approach of preventing improper 
reproduction of an IC card of no further use by com- 
pletely disabling data rewriting of the IC card of no fur- 
ther use. However, this will prevent recycling of the IC 

10 card, resulting in increase in the cost of IC cards. 

[001 1 ] An object of the present invention is to provide 
an IC card of high security and low cost, and a method 
of using an IC card, soMng the above problems 

15 Disclosure of the Invention 

[001 2] To achieve the above object, an IC card accord- 
ing to an aspect of the present invention includes a data 
comrriunication unit for data communication with an 

20 interrogator, a data storage unit storing data, and an 
access control unit controlling access of the data stor- 
age unit according to ifie data obtained from the data 
communication unit The access control unit includes a 
data tnitialization unit initializing the data storage unit 

25 according to a predetermined data initialization instruc- 
tion obtained from the data communication unit, and a 
particular data write control unit providing control to 
aOow predeternruned particular data of card application 
to be written only once into the data storage unit that s 

30 initialized by the data initialization unit 

[001 3] The IC card of the present invention is charac- 
ter Ized in that tiie data storage unit is initialized accord- 
ing to a predetermined data initialization instruction to 
allow predetermined particular data of card application 

35 to be written only once onto the Initialized data storage 
unit. 

[001 4] Therefore, the particular data once written into 
the data storage unit cannot be rewritten unless the 
data storage unit is initialized Furthermore, the data 

40 storage unit can be initialized by only the person who 
Knows the predetermined data initialization instruction. 
Therefore, unauthorized rewriting of particular data can 
he suisstantiaNy prevented by distinguishing the person 
who can write in the particular data and the person who 

45 can initialize the data storage unit. Thus, the security of 
the card can be improved. 

[0015] Since the card can be initialized in addition to 
prevent improper rewriting, recycling of the card is 
aBowed Therefore, the cost of the card can be reduced. 

50 [0016] Preferably, the IC card further includes a pri- 
vate key storage unit to store a private key to access the 
particular data stored in the data storage unit The 
access control unit further includes a particular data 
read out control unit to provide control to allow particular 

55 data to be read out only when the private key is input. 
[001 7] The IC card of the present inventk>n is charac- 
terized by including a private key storage unit storing a 
private key to access particular data stored in the data 
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storage unit to allow the particular data to be read out 
only when the private key is input. 
[001 8] The particular data can be read out only by the 
person who knows the private key for that particular 
data By keeping this private key confidential. leakage of 
the particular data can be prevented In other words, the 
security of the card is further improved 
10019] Further preferably, a particular data write con- 
trol unit provides control to allow particular data to be 
written only once into the data storage unit that is initial- 
ized by the data initialization unit only when the private 
key is input 

[0020] The IC card of the present invention is charac- 
terized in that the particular data can be written only 
once into the initialized data storage unit only when the 
private key is input 

[0021] Particular data can be written only by the per- 
son who has knowledge of the private key for the partic- 
ular data. Therefore, writing of particular data other than 
an authorized person can be prevented by keeping the 
private key conf identiaf . 

[0022] Further preferably, the access control unit fur- 
ther includes a private key initialization unit initializing 
the private key storage unit according to a predeter- 
mined private key initializalion instruction obtained from 
the data communication unit and a private key write 
control unit providing control to allow the private key to 
be written only once into the private key storage unit 
that is initialized by the private key initialization urvt. 
[0023] The IC card of the present invention is charac- 
terized in that the private key can be written only once 
into the Initialized private key storage unit according to a 
predetermined private key initialization instruction. 
[0024] Therefore, the private key once written rito the 
private key storage unit cannot be rewritten unless the 
private key storage unit is initialized. Only the person 
who has knowledge of the predetermined private key 
initialization insb*uction can initialize the private key stor- 
age unit Unauthorized rewriting of the private key can 
t>e sut>stantially prevented tjy distinguishing the person 
who can write in a private key and the person vi^o can 
Irritialize the private key storage unit. Thus, the security 
of the card is further improved. 

[0025] Since the card can be Initialized in addition to 
preventing improper rewriting, recycling of the card is 
allowed Therefore, the cost of the card can be further 
reduced 

[0026] Further preferably, the IC card is configured to 
allow the private key to be written only once into the pri- 
vate key storage unit. 

[0027] According to the present invention, a private 
key once written cannot be erased. Therefore, improper 
usage of the card by rewriting the private key can be 
prevented . 

[0028] Further preferably, the data storage unit can 
store a flag corresponding to particular data. The data 
initialization unit initializes the flag to a write en^le 
state according to a data initialization instruction The 



particular data write control unit provides control to 
albw particular data to be written into the data storage 
unit only when the flag is at a write enable state. The 
f ^g is set to a write cfisable state v^en particular data is 

5 written into ^e data storage unit. 

[0029] The IC card of the present invention initializes 
each flag to a write enable state according to an initiali- 
zation instruction corresponding to particular data. Par- 
ticular data can be written into the data storage unit only 

10 when the relevant flag is at a write enaUe state. The rel- 
evant flag is set to a write disable state when particular 
data is written into the data storage unit 
[0030] By manipulating tiie flag corresponding to the 
partrcular data, ^e data storage unit can be initialized 

15 Also, rewriting of particular data can be inhibited. There- 
fore, the security of the card can be easily improved. 
Also, the cost of the card can be reduced 
[0031] Further preferably, the data storage unit is 
characterized in that open data not limited In the 

20 number of reading or writing times can also be stored 
therein 

[0032] According to the present invention, data not 

critical of secrecy can also be stored. 

[0033] The private key storage unit preferably stores a 

25 private key to access the open data stored in the data 
storage unit. The access control unit provides control to 
allow the open data to be rewritten only when the pri- 
vate key to access the open data is input. 
[0034] The IC card of the present invention can have 

30 the open data rewritten only when the private key corre- 
sponding to the access of the open data stored in the 
data storage unit is input 

[0035] The open data can be rewritten only by the per- 
son who has knowledge of the private key for the open 
35 data. By keeping that private key confkiential, the open 
data can be prevented from being rewritten by an unau- 
thorized person. 

[0036] Further preferably, the data Initialization 
instnjction is encrypted by a predetermined method. 

40 The data initialization unit is characterized in that the 
data storage unit is tniUalized only when the encrypted 
data is recognized as the data initialization instruction. 
[0037] The data tnittafization instruction of the IC card 
is data encrypted by a predetermined method The data 

45 storage unit Is initialized only when the encrypted data 
Is recognized as the data initialization instruction. 
[0038] Only the person who has knowledge of the 
encrypted data aicrypted by the predetermined method 
can initialize the data storage unit. The security of the 

so card can be Improved by using the relatively simple 
method of encryption to reduce the cost of the card, 
[0039] Further preferably, the data communication unit 
carries out data communication with an interrogator via 
an electromagnetic wave in an electrically non-contact 

55 manner. 

[0040] According to the present invention, the security 
of the so-called non-corttact type IC card can be 
improved to reduce the cost of the card. 
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[0041] Preferably, the data initialization instruction is 
dats *'.r- ./ing a predeternuned frequency The data initial* 
iza'j . nit is diaraclerized tn tfiat the data storage unit 
car: initialized only when the data having the prede- 
termrned frequency is recognized as the data inltiaKza' 5 
tion instruction 

[0042] According to the present invention, the data 
storage unit can be initialized only by the person who 
can apply the data having the predetermined frequency 
In other words, initiartzation of the data storage unit 10 
becomes more difficult for one other than the predeter- 
mined authorized person. 

[0043] injrther preferably, the data communication unit 
is characterized in that data oomrminlcation is carried 
out with an interrogator electrically in contact. is 
[0044] According to the present invention, the security 
of the so-called contact-type iC card can be irrproved to 
reduce the cost of the card 

[0045] According to another aspect of the present 
Invention, a method of using an IC card that carries out so 
data conmunication with an interrogator and that stores 
data is characterized In that initiafizatton of an IC card is 
allowed only when a predetermined initialization condi- 
tion is satisfied, pi edeta' mined parlicuiar data can be 
written only once into the inttiaPzed IC card, and the per- zs 
son effecting initialization and the person writing the 
particular data are d^inguished 
[0046] According to the present invention, the particu- 
lar data once written into an IC card cannot be rewritten 
unless the IC card is initialized. The IC card can be ini- so 
ttaOzed only by the person who has knowledge of the 
predetermined initialization condition. The person 
effecting inttiatization and tfie person writing the particu- 
lar data are distinguished from each other. Therefore, 
irrtproper rewriting of the particular c^ta can be substan- ss 
tially prevented. In other words, the security in the appli- 
cation of a card can be improved. 
[0047] Furthermore, recycling of the card is allowed 
since the card can be initialized as well as preventing 
improper rewriting. Therefore, the cost in the application 40 
of cards can be reduced. 

[0048] Further preferably, the person carrying out ini- 
tiartzation is the manufacturer of the IC csird. The person 
writing in tine particular data is the manufacturer of the 
interrogator and the provider of the IC card The manu- 45 
facturer of the Interrogator and the provider of the IC 
card are limited in the number of writing the predeter- 
mined particular data. i.e.. only once. Into the initialized 
IC card. The manufacturer of the IC card, the manufac- 
: . !er of the interrogator and the provider of the IC card so 
respectively distinguished from each other 
: .49] According to tiie present invention, the manu- 
isicturer of the IC card that carries out initialization, the 
manufiacturer of the interrogator that writes in particular 
data, and the provider of the IC card are distinguished 55 
from each other Therefore, the security with respect to 
secrecy in the application of cards can be further 
improved 
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[0050] Further preferably, the present invention is 
characterized in that a private key to access the parlic- 
uiar data stored in the IC card can be read out only 
when the private key is applied from the interrogator. 

[0051 ] According to the pr esent invention, the particu- 
lar data can be read out only by the person who has 
knowledge of the private key for tiiat particular data. By 
keeping tfmt private key confidential, leakage of the par- 
ticular data can be prevented The security in the appH- 
cation of tiie card can further be improved. 

Brief Description of tiie Drawings 

[0052] 

Fig. 1 shows an entire structure of an IC card 
according to a first embodiment of the present 
inverrtion. 

Rg. 2 shows a hardware structure where various 
functions of Rg 1 are realized using a CPU. 
Rg. 3 shows the contents of a non-volatile memory 
78 in the application of an IC card 30. 
Rg. 4 is a flow chart of the process of data transfer 
Rg. 5 is a flow chart of the process of data rewrit- 
ing. 

Rg 6 is a flow chart of an initialization process. 
Fig. 7 shows the contents of non-volatile memory 
78 of an initialized IC card 
Rg. 8 is a flow chart of a private key writing proc- 
ess. 

Rg 9 shows the contents of non-voiatile memory 
78 with a private key written in. 
Rg. 10 Is a flow chart of a particula^ data writing 
process 

Rg. 1 1 shows ihe contents of non-volatile memory 
78 witii the particular data written in. 
Rg 12 shows the usage of an iC card and the 
reused status according to the present invention. 
Rgs 13A and 13B show tiie case where a private 
key is stored in an EPROM 100 according to a sec- 
ond embodiment of the present invention. 
Rg. 14 shows the case where a comparator 1 1 for 
a private key (1) is provided in the second embodi- 
ment of the present invention. 
Rg 15 shows the case where a detection circiit 
122 for initialization is provided In a tiiird embodi- 
nnent of the present invention. 
Rg. 16 shows an exanple of a conventional non- 
contact type IC card. 

Rgs, 17A and 17B are a cross sectional view taken 
along SI -Si of Rg. 16 and a circuit diagram of IC 
card 2, respectively 

Best Mode for Carrying Out tire invention 

[0053] The present invention will be described witii 
reference to the drawings in order to provide a more 
detaBed description. 
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[First Embocfiment] 

[0054] Rg 1 IS a ttock diagram showing an entire 
structure of an tC card 30 according to a fn'st embodi- 
ment of the present invention. IC card 30 is a one-coil 
type IC card, used for automatic examination lor lifts at 
skiing grounds and railroads, automatic sorting of par- 
eels, and the Gke 

[0055] IC card 30 includes a data communication unit 
32, a data storage unit 34, a private key (cryptogram 
key) storage unit 36. and an access control unit 38 Data 
communication unit 32 carries out data communication 
with an interrogator 50 Data storage unit 34 stores 
data. Private key storage unit 36 stores a private key to 
access the particular data stored in data storage unit 
34. 

[0056] Access control unit 36 controls the access 
towards data storage unit 34 and private key storage 
unit 36 according to the data obtained from data com- 
munication unit 32 Access controt unit 38 includes a 
particular data read out control unit 40, a particular data 
write control urut 42. a data initialcation unit 44, a pri- 
vate key initialization unit 46. and a particular data write 
control unit 48. 

[0057] Data communication unit 32 receives a data 
initiaiizatton instruction and a private key initialization 
instruction, when applied, from interrogates 50 Data ini- 
tialization unit 44 responds to a data initialization 
Instruction to inrtiafize the stored contents of data stor- 
age unit 34 Private key niitialization unit 46 responds to 
a private key initialization instruction to initialize the pri- 
vate key stored in private key storage unit 36 An IC card 
30 of such an initialized state is delivered to the busi- 
ness proprietor that uses/operates the card. 
[0058] The business prcprietor using the card writes 
In a private key from intenogator 50 into IC card 30 This 
private key is applied to private tey write control unit 48 
via data communication unit 32. Private key write con- 
trol unit 48 prowdes control to write the private key into 
private key storage unit 36 Control is provided by pri- 
vate key write control unit 48 to allow such a private key 
to be written only once. Therefore, one other than the 
business proprietor employing the card is inhabited from 
rewriting this private key. 

[0059] The business proprietor employing the card 
writes particular data from interrogator 50 into IC card 
30 This particular data is appfied to particular data write 
control unit 42 via data communication unit 32. Particu- 
lar data write control unit 42 provides contol to write the 
particular data into data storage unit 34. Control is pro- 
vided by particular data write controt unit 42 to allow the 
particular data to be written only once. Therefore, one 
other than the business proprietor errploying the card 
cannot rewrite the particular data. 
[0060] In the usage of the card, the private key is 
transmitted when the particular data stored in data stor- 
age unit 34 is needed by one at the interrogator 50 skie 
This private key is applied to particular data read out 



control unit 40 via data communication unit 32. Particu- 
lar data read out control unit 40 reads out the private key 
from private key storage unit 36 and determines 
whether the read out private key matches the transmit- 

5 ted private key K they do not match, the read out of par- 
ticular data from data storage unit 34 is denied 
Accordingly, secrecy of the particular data can be pro- 
tected from a person who does not know the private key 
When the private keys match, the particular data is read 

10 out from data storage unit 34 to be sent to interrogator 
50 via data communication unit 32 

[0D61 ] By applying a data initialization instruction and 
a private key initialization instruction to IC card 30» that 
iC card 30 can be used again. Improper usage of the 

15 card can be prevented by keying this data irvtialization 
instruction and private k^ initiaHzation instruction confi- 
dential except for the manufacturer of the IC card. 
[0062] Fig 2 shows a hardware structure of the fea- 
tures of IC card 30 of Rg. 1. realized using a CPU. 

20 Under control of control unit 54, interrogator 50 sends 
out from antenna 56 a carrier wave of high frequency 
from an oscillatk>n circuit (OSC) 60. Upon approach of 
IC card 30 to interrogator 50. this h^h-frequency carrier 
wave is received by antenna 82 of IC card 30. A power 

25 supply generation ctrcuit 72 converts the received high 
frecpjency wave Into DC power arKJ supplies the same 
to other circuitry sections Thus. IC card 30 is operable 
when nearing interrogator 50 

[0063] Transmission of information from interrogator 
30 50 to IC card 30 is effected by modulating the high fre- 
quency carrier wave at a modulation/demodulation cir- 
cuit 52 under control of control unit 54 IC card 30 
demodulates the modulated carrier wave of high fre- 
quency at a modulation/demodulation ctrcuit 74 CPU 
35 76 obtains the demodulated information to carry out the 
required process such as rewriting the contents of non- 
volatile memory 78, sending back information, and the 
like 

[0064] In an opposite manner, information is transnrBt- 
40 ted from IC card 30 to interrogator 50 An oscillation cir- 
cuit is not pro>nded at the part of IC card 30 Therefore. 
. a carrier wave of high frequency that is not rhodulated is 
sent out from interrogator 50, and the impedance of res- 
onant circuit 80 Is altered by modulation/demodulation 
45 circuit 74 at the part of IC card 30. Interrogator 50 
detects this change in impedance by modula- 
tion/demodulation circuit 56 as an impedance change of 
its own resonant drcuit 56 Control unit 54 obtains the 
demodulated information to carry out the required proc- 
so ess. 

[0065] Since power supply wilt be eliminated as IC 
card 30 recedes from interrogator 50. the operation of 
IC card 30 ceases However, the stored information is 
retained due to non-volatile memory 78 even when no 
55 more power is supplied . In the present embodiment, an 
EPROM is used as non-volatile memory 78 
[0066] Fig. 3 shiows the stored contents of non-volatile 
memory 78 in the usage of IC card 30. The case is con- 
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sidered where IC card 30 is used as a cash card of an 
non-contact type automated-teller machine (ATM) In 
this case, interrogator 50 is accommodated in the ATM 
as a portion thereof. 

[0067] In an open data region 84. rewritable open data 
(a), (b), .of relatively low secrecy are stored. For 
example, transaction history and the tike are stored as 
open data. In a particular data region 86. particular data 
(1), (2), ... are stored For example, the type <tf the non- 
contact card oriented ATM device, the ID number of the 
card user, arKi the like are stored as particular data The 
particular data are written In by the manufacturer of the 
ATM or the bank which is the provider of the IC card. In 
a private key region 88, private keys (1). (2), . (O), (i) 
are stored. Private key (1). (2), ... (D) are written In by 
the manufacturer of the ATM and the t^ank whrch is the 
provider Private key {!) is written in by the manufacturer 
of tiie iC card 

[0068] The operation In the usage of IC card 30 will be 
descrit>ed with reference to Figs. 2-4. When a depositor 
carrying IC card 30 approaches an ATM, communica- 
tion between IC card 30 and the ATM is allowed. The 
operation of Interrogator 50 of the ATM is set forth in the 
following in order to obtain the open data (transaction 
history and the like) or the particular data (device type« 
ID number) stored in non-volatile mennory 78 of IC card 
30 

[0069] Interrogator 50 sends a data transfer instruc- 
tion and a preset private key to IC card 30. More specif- 
icaliy control unit 54 of interrogator 50 controls 
modulation/demodulation circuit 52 so that the carrier 
wave is modulated and sent out by the data transfer 
instruction and the private key Modulation/derrKxiula- 
tion circuit 74 of IC card 30 demodulates the data trans- 
fer instruction and the private key to a^ly the same to 
CPU 76. CPU 76 identifies that a data transfer instruc- 
tion has been sent to execute the data transfer program 
This program is stored in non-volatile memory 78. 
[0070] The data transfer program is represented by 
the f k}w chart of Rg. 4. First, CPU 76 reads out a preset 
private k^ corresponding to data trailer (here, private 
key (1)) from private key region 88 of non-volatite mem* 
ory 78. Then, determination is made whether the sent 
private key matches the read out private key (1) (step 
S30). If they do not match, the program ends >Anthout 
transferring data More specifically, determination is 
made of a read out process by an unauthorized person 
who does not l^ow the correct private key. Data transfer 
is refused. If the private keys match, the particular data 
or open data is read out from non-volatile memory 78 
The read out data is modulated by modulation/demodu- 
lation circuit 74 to be sent to interrogator 50 (step S32} 
The ATM communicates with the center computer of the 
center station to cany out the process of cash with- 
drawal/deposit and the like according to the obtained 
data by Interrogator 50. Thus, data is output in response 
to only a data transfer instruction from interrogator 50 
that has the proper private key 



[0071] Upon completion of the transaction such as 
cash withdrawal/deport, interrogator 50 transmits an 
instruction to update the transaction history stored in 
non-volatile memory 78 (data rewrite instruction) of IC 
5 card 30 In tills case, Interrogator 50 transmits a preset 
private key CPU 76 of fC card 30 responds to this data 
rewrite instruction to execute a data rewrite program 

[0072] Fig. 5 is a flow chart of a data rewrite program. 
CPU 76 reads out from private key region 88 of non-vol- 

10 atile memory 78 a preset private key corresponding to 
data rewriting (here, private key (1)). Then, determina- 
tion is made whether the transmitted private key 
matches the read out private key (1 ) (step 40). If they do 
not match, the program ends without writing the trans- 

IS action data (data is not rewritten). Rewriting of transac- 
tion data is rejected upon the determination of a rewrite 
process by an unautiiorized person who does not know 
tiie proper private key. If the private keys match, deter- 
mination is made whether the region of interest corre- 

20 spending to the data rewrite request is open data region 
84 or not (step S42). In the case of a rewrite instruction 
with respect to open data region 84. the transaction Ns- 
tory is rewritten according to the transmitted transaction 
data (step S44) In other words, the data stored in open 

25 data region 84 can be rewritten by the entry of a proper 
private key 

[0073] Only the open data region can be r ewritten witii 
respect to this data rewrite instruction. Otiier regions 
(particular data region aruJ private key region) cannot be 
30 rewritten by tills rewrite instruction The writing and 
reading operation of the particular data region and pri- 
vate key region v^ll be described aftenA/ards. 
[0074] For the above-descr ibed application of IC card 
30, the private key and particular data must be able to 
35 be written in by tiie manufacturer of the ATM and the 
provider (bank) of IC card 30 delivered from the manu- 
facturer of iC card 30. It is possible for the manufacturer 
of the IC card to write the private key and the particular 
data for shnpment to the manufacturer of the ATM and 
40 the provider (t^ank) However, a pliable operation cannot 
be performed In such cases. The ATM maker and the 
provider (bank) will find the system difficult to use. In 
view of the foregoing, the present embodiment allows 
the private key and particular data to be written respec- 
ts tively by the ATM maker and the provider (bank). 

[0075] The process of the ATM maker and provider 
(bank) writing in a private key and particular data 
respectively will be described hereinafter. The initial 
state of non-volatile memory 78 of IC card 30 delivered 
so from the IC card maker is as shown in Rg. 7. It is appre- 
ciated from Rg 7 that all data are initialized (here, "0*) 
except for private key (I) that is known only by the man- 
ufacturer of the IC card 

[0076] A private key and particular data are written 
55 throu^ a readerAAniter of interrogator 50 equal to that 
of the ATM in opa-ation. More specifically a private key 
write instruction is transnrvtted from inten^ogator 50 of 
the reader/writer (refer to Fig 2) In response. CPU 76 
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of IC card 30 carries out the private key rewrite process 
of Rg. 8 First, determination is made whether ttie Kflag 
of the area where the private key is to be written in pri- 
vate key region 88 is 0 or not (step S10). When the flag 
is 0. the transmitted private key is written into the rele- 
vant area of private key region 88 (step S12) Then, the 
K flag o1 that area is set to 1 (step SI 4). Thus, a private 
key can be written. 

[0077] When an attenpt is made to write into the area 
where the K fteg is 1 indicating writing has already be 
performed, the program branches from step S10 to 
reject rewriting. Private key region 88 is provided to 
aHow a plurality of private keys to be stored. Therefore, 
one business proprietor can set a plurality of private 
keys according to the processing contents, or two or 
more business proprietors (ATM maker, card provider, 
and the like) can set its own private key. The conterrts of 
non-volatile memory 78 having the private key written in 
are shown in Rg 9. 

[0078] The particular data write process is repre- 
sented by Rg 10 Similar to the private key. writing is 
allowed on the condition that the 8 flag is 0 in writing 
particular data. Once particular data is written, the S 
flag is set to 1 to disable rewriting The contents of non- 
volat'de memory 78 with particular data written in are 
shown in Rg . 1 1 . The device type of interrogator 50 cor- 
responding to the relevant card, the ID number issued to 
each depositor t3y the bank, and the like are preferably 
stored as particular data. This is because rewriting such 
data of high secrecy has the high possibility of being 
related to improper usage. 

[0079] Once the private key or the particular data is 
written, flags K and S of the relevant area are set to 1 to 
disat>te rewriting. In other words, writing is limited to 
only once Thus, operability is improved by aDowIng the 
private key and particular data to be written in by the 
ATM manufacturer and the bank while preventing 
improper rewriting to improve the security. 
[0080] In the present emtjodiment. 10 card 30 of no 
furttier use is collected and processed by the 10 card 
manufacturer to allow reusage of the 10 card. This proc- 
ess is carried out by the IC card maker using an initiali- 
zation apparatus Including an interrogator 50. More 
specificany. an initialization Instruction of non-volatile 
memcM-y 78 is transmitted from interrogator 60 of the ini- 
tialization apparatus together vtnth the private key for ini- 
tialization (refer to Rg. 2). In response. CPU 76 of IC 
cafd 30 carries out the initialization process of Rg. 6. 
Rrst private key (I) for irntialization is read out from non- 
volatile memory 78. Then, determbiation is made 
whether the transmitted private key matches the read 
out private key (I) (step S2) If they match, the area 
other than the area of private key (I) is initialized (here, 
set to 0) (st^ S4}. Accordingly, the contents of non-vol- 
atile memory 78 is returned to its initial state as shown 
in Rg. 7. allounng reusage 

[0081 J When the private keys do not match, determi- 
nation of an improper initialization instruction is made to 



12 

reject initialization The irdtiaiization instruction may be 
rejected when a wrong private key for initialization is 
entered continuously for at least N times This provides 
the advantage of preventing the atterript of entering 
5 sequentially the cedes of all possible combination as 
the private key to achieve the private key improperly. 

[0082] Thus, reusage of 10 card 30 is allowed in addi- 
tion to ensuring the security. 

[0083] The reusage cycle of 10 card 30 is schemati- 

70 cally represented in Rg. 12 A manufacturer 90 of 10 
cards initializes non-volatile memory 78 and ships the 
IC card. The IC card is shipped vwth the program of 
access control for each data region (refer to the previ- 
ous flow chart} written in . 

15 [0084] A manufacturer 92 of ATMs receives ttie 10 
card and writes in a private key (1) and particular data 
(1). Also, the program for operation is written. This pro- 
gram can be read out/rewritten only by the relevant pri- 
vate key (1). This is preferable from the aspect of 

20 security since private key (1) is known only by ATM 
manufacturer 92. Neither IC card manufacturer 90 nor 
IC card provider 94 has knowledge of private key (1) 
Since rewriting, as well as read out of the private key 
and particular data is inhibited as described above. 

25 imprqaer usage can be prevented. 

[0085] 10 card provider (bank) 94 receives 10 card 30 
in which the operation program is recorded to write in a 
private key (2) and particular data (2) (10 number for 
each depositor and the like). This is preferable from the 

30 standpoint of security since private key (2) and particu- 
lar data (2) are known only by 10 card provider 94 and 
tfie relevant depositor IC card manufacturer 90 and 
ATM manufacturer 92 do not have knowledge of private 
key (2) and particular data (2) . Since rewriting as well as 

35 read out of the private key and the particular data are 
inhibited, innproper usage can be prevented. 
[0086] 10 card 30 of no further use (for example, 
expired in valid term) is returned to 10 card manufac- 
turer 90 to be initialized for reusage 

40 [0087] When private key (1) or particular data (1) is 
erroneously written in by ATM manufacturer 92. tiiat 
information cannot be rewritten by ATM manufacturer 
92 per se. The erroneously written lO card is passed to 
manufacturer 90 of the 10 card . lO card manufacturer 90 

45 initializes that card, and then delivers the initlatized card 
to ATM manufacturer 92. A similar procedure is taken 
when private key (2) or particular data (2) is erroneously 
written by 10 card provider 94. 

[0088] By using such an 10 card 30, reduction in the 
so cost of the 10 card by reusage can be realized in addi- 
tion to the provision of a flexible 10 card application and 
security for each business proprietor 
[0089] It is preferable to have only one interrogator 
particularly prepared for initialization owned by 10 card 
55 manufacturer 90 for the sake of further improving tiie 
security. 
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[Second Embodiment] 

[00901 In the above first embocDment an EEPROM is 
usB^: for non-volatlle memory 78. Only private key 
region 88 can be formed by an EPROM as shown In 
Rgs. 13A and 13B. The security can further be 
inproved by disabling electrical rewriting. 
[0091] Furtierntore, rewritkig can be substant'ally 
inhibited by disatrfing ultraviolet radiation on the 
EPROM. In this case, each private key is no^ed In 
advance from the ATM manufacturer and the card pro- 
vider to have the IC card manufacturer write in each pri- 
vate key at the fat>rication stage of the IC card Although 
the private key cannot be rewritten, particular data can 
be rewritten to allow reusage. 

[0092] Since private key (I) corresponding to the IC 
card manufacturer does not have to be dianged, this 
mask can be exclusively formed by a mask ROM In 
contrast to the initialization process using private key (() 
according to the program of Fig. 6. the initiaGzation 
process can be carried out by providing a conrparator 
14 as shown In Fig 14. Moi e spedficaiiy, private key (I) 
is stored In a ROM 1 12. Comparator 1 14 responds to an 
instruction irom CPU 76 to compare the decoded pri- 
vate key with private key (I) stored In ROM 112. When 
they match, comparator 114 outputs a match signal to 
CP'J 76. When they do not match, a mismatch signal is 
output CPU 76 detemrnnes whether ^e sent private key 
is proper or not according to the match signal/hiismatch 
signal from conparator 114. 

[Third Embodiment] 

[0093] A ^ird enbodiment of the present invention 
associated vwth initialization of an 10 card will be 
described hereinafter. Fig 15 is a block diagram show- 
ing a hardware structure of an IC card according to a 
third emt>odiment of the present invention. In the 
present embodiment, a card initialization instruction 
corresponds to the application of a signal of a frequency 
differing from the general reception frequency 
[0094] For example, a predetermined intermittent sig- 
nal is output at a predetermined frequency aside from 
the harmonic component of the resonance frequency of 
resonant circuit 80. Detection circuit 122 of (C card 120 
has a bandpass filter that detects only that predeter- 
mined frequency. Detection circuit 122 outputs a detec- 
tion signal only when that relevant frequency is 
detected. When a signal of that frequency is received 
intermittently, a detection signal is output according to 
that intermittent signal. CPU 76 receives this detection 
output signal to determine whether It matches a prede- 
termined intermittent pattern CPU 76 executes the 
process of step S4 of Fig. 6. i.e.. the memory is initial- 
ized only when the intermittent pattern matches. 
[0095] When there is no incoming signal of that fre- 
quency, or when the transmitted intermittent pattern 
does not match the predetermined pattern, initialization 



is not carried out Therefore, initialization cannot be 
effected without interrogator 50 prepared particularly for 
initialization. Thus, security can be further improved. 

[0096] In the above embodiments, the data between 

5 the inten^ogator and the IC card is transmitted without 
being encrypted However, predetermined encryption 
can be applied for transmis^on Furthermore, the pri- 
vate key used as a password in the above emt>odiments 
can be used as a ciphes key for encryption to store data 

10 in cipher and transmit data in cipher 

[0097] In the above embodiments, the program is 
processed to inhibit read out and writing when the pri- 
vate key is improper. Alternatively, a signal inhibiting 
operation can be allied to the chip enable terminal and 

75 the like of non-volatile memor y 78 to inhibit read out and 
writing In hardware when determination is made of an 
improper private key by CPU 76. 
[0098] The above embodiments are descr ibed for the 
application of an IC card corresponding to an ATM. 

80 However, the present invention can be applied to an IC 
card for lifts in skiing grounds, a commentator ticket of 
railroad, a pass for express highw^s and the like. In 
o^er words, the present invention is applicable to the 
case where the manufacturer of apparatus correspond- 

25 ing to a card oi provider of the card is to store particular 
data individually. 

[0099] The portion of each function in Rg. 1 realized 
by a program usbg a CPU in the above ennbodiments 
can be implemented by hardware logics. Also, the por- 
30 fion realized by hardware logics can t>e inplemented by 

a program 

[0100] Although the above embodiments describe a 
card for data communication in an electrically non-con- 
tact manner via an electromagnetic wave, the present 
35 invention is applicable lo a card of data communication 
when in contact electrically 

[01 01 ] "Particular data read out control means** corre- 
sponds to the means of controlling the permis- 
sion/denial of reading out particul^ data according to a 

40 private key For exanrpte, steps S30 and 832 of Fig. 4 
correspond to the same in the emtxxiiment 
[0102] "Particular data write control means'* corre- 
sponds to the means of controlling so that particular 
data can be written just once into the data storage unit 

45 For example, steps S20, S22 and S24 of Fig 10 corre- 
spond to the same in the embodiment 
[0103] **Data initialization means" corresponds to the 
means of initializing at least a portion of or ail of the par- 
ticular data region in the data storage unit For example, 

so steps 32 and 84 of Fig. 6, or comparator 1 14 of Rg. 1 4, 
or detection circuit 122 of Fig 15 correspond to the 
same in the emtxxliments. Here, data initialization 
implies that particular data can be written again There- 
fore, not only erasing the particular data to allow rewfrt- 

ss ing of the 8 flag, but also rendering the S flag to a 
rewritable state wHIe leaving particular data is included. 
[0104] **Private key initialization means* corresponds 
to the means of initializing a portion of or all of the pri- 
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vate key For example, st^s S2 and S4 of Rg 6, com- 
parator 11 4 of Rg 1 4, or detection drcuit 1 22 of Rg 15 
correspond to the same in the present embodiments 

[0105] Here, initialization of a private Key impfies that 
the private key is rendered rewritable Therefore, the s 
concept includes, not only the case where the private 
key is erased and the K flag is set to a rewritable state, 
but also rendering the K flag rewritable while leaving the 
private key 

[01 06] "Private key write control means" corresponds io 
to the means of controlling so that a private key can be 
written just once into the private key storage unit. For 
exanple. steps S10. S12 and S14 of Fig 8 corresponds 
to the same In the embodiments. 

15 

Industrial Applicability 

[0107] Accofding to the present invention, an (C card 
of high security and that can be recycled is pro\rtded 
The present invention is advantageously applicable to 20 
the field of fabricating. seUing, or using an IC card. 

Claims 

1 . An IC card comprising: ss 

data communication means for carrying out 

data cornmunicatlon with an interrogator. 

a data storage unS storing data, and 

access control means for controlling access to 30 

said data storage unit according to data 

obtained from said data communication 

means, 

wherein said access control means cornprises 
data Hiitiatizatfon means for initializing sard 3S 
data storage unit according to a |:»*edetermined 
data Initialization instruction obtained from said 
data communication means, and 
particular data write control means for provid- 
ing control to allow predetermined particular 40 
data for card appQcatbn to be written only once 
into said data storage unit initialized by said 
data initialization means. 

2. The IC card according to claim 1 , further compris- 45 
ing a private key storage unit storing a private key to 
access particular data stored in said data storage 
unit, 

wherein said access control means further com- 
prises particular data read out control means for so 
controlling so that the parficular data can be read 
out only when a relevant private key is input 

3. The IC card according to claim 2. wherein said par- 
tici^ar data write control means is characterized by 55 
controlling so that said particular data can be writ- 
ten only once into said data storage unit that is ini- 
tialized by said data initialization means, only when 



said private key is input 

4. The IC card according to claim 2. wherein said 
access control means comprises 

private key initialization means for initializing 
said private key storage unit according to a pre- 
det^mined private key initialization instruction 
obtained from said data communication 
means, and 

private key write control means for controlling 
so that a private key can be written only once 
into said private key storage unit that is initial- 
ized by said private Key initialization means 

5. Tbe IC card according to daim 2, characterized by 
a configuration to allow a private key to be written 
only once into said private key storage unit 

6. The IC card according to claim 1, characterized in 
that 

said data storage unit can store a flag corre- 
sponding to said particular data, 
said data initialization means initializes said 
flag to a write enaii^e state according to said 
data inltia&zation instruction, and 
said particular data write control means pro- 
vides control to allow said particular data to be 
written into said data storage unit only when 
said flag is at a write enable state, and setting 
said flag to a write disable state when said par- 
ticular data is written into said data storage 
unit. 

7. The fC card according to claim 1, characterized In 
that said data storage unit can also store open data 
unlimited in the number of read out and rewriting 
times. 

8. TTie IC card according to claim 2, characterized in 
that said data storage unit can also store open data 
unlimited in the number of read put and rewriting 
times. 

9. The IC card according to claim 8. characterized in 
that said private key storage unit stores a private 
key to access the open data stored in said data 
storage unit, and said access control means pro- 
vides control to allow said open data to be rewritten 
only when said private key to access the open data 
is input. 

10. The IC card according to claim 1. characterized in 
that said data initializafion instruction is data 
encrypted by a predetermined method, and 

said data initialization means initializes said 
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data storage unit only when said encrypted 
data is recognized as a data initiaTization 
instruction. 

11. The IC card according to claim 1. characterized in 
that said data communication means carries out 
data communication with said interrogator via an 
electr omagnetic wave in an electrically non-contact 
manner 

12. The IC card according to claim 11. wherein said 
data initialization instruction is data having a prede- 
termined frequency, and 

said data initialization means initializes said 
data storage unit only when said data having a 
predetermined frequency is recognized as a 
data initialization instruction 

13. The IC card according to claim 1, characterized in 
that said data communica&on means carries out 
data communication with said interrogator electri- 
cally in contact 

14. A method of using an IC card that carries out data 
communication with an interrogator and that stores 
data, characterized in that: 

initialization of said IC card is allowed only 
when a predetermined initialization condition is 
satisfied. 

predetermined particular data is allowed to be 
written only once into an initialized IC card, and 
a person carrying out said irutialization is distin- 
guished from a person writing in said particular 
data. 

15. The method of using an IC card according to claim 
14, diaracterized in that: 

said person carrying out initialization is a man- 
utecturer of said IC card, 
said person writing in particular data is a man- 
ufacturer of said intenogator and a provider of 
said fC card, 

said Interrogator manufacture and said IC card 
provider can write respective predetermined 
particular data only once to an initialized IC 
card. 

said IC card manufacturer, said interrogator 
manufacturer and said IC card provider are dis- 
tinguished from each other. 

16. The method of using an IC card according to claim 
14. characterized in that a private key to access 
said particular data is stored in said IC card, and 

said particular data is allowed to be read out 



only when said private key is applied from said 
interrogator 
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